android平台权限提升技术分析与实现word格式论文.docxVIP

AbstractAndroid platform has the biggest market share of the mobile intelligent terminal platforms in recent years. At the same time, it has the largest number of malicious software among all the mobile platforms. Therefore, the study of Android platform security has become the research focus in the field of information security.Based on the depth study and analysis of the security mechanisms of Android permission, the defects and disadvantages have been found. Through privilege escalation technology, program’s permission can be escalated to the highest permission, namely root permission, so that the program can get access to arbitrary files in Android device.The core research point of permission escalation technology in this paper is the privilege escalation vulnerabilities on Android platform.The privilege escalation vulnerabilities on Android platform can divid into two groups to study. One is vulnerabilities from Android operating system and the other is vulnerabilities from Linux operating system. This paper selected 3 most valuable privilege escalation vulnerabilities as study objects and focused on their exploiting principles and exploiting scripts. Exploiting scripts constructed specific code to trigger the vulnerability in order to escalate the permission, so that the lower permission program can also performed the codes which only root users can execute. At last, this paper make use of the above 3 vulnerabilities to realized an Android platform permission escalation tool called PETA(Permission Escalation Tool for Android-platform). The PETA tool will write special files to the Android device to get root permission after performing the exploiting scripts.ZergRush, Exynos and Getuser are the 3 vulnerabilities of PETA tool, covering Android 2.x and4.x version, and several devices with Samsung Exynos processor. In theory, PETA applies to more than 90% Android devices. Experimental results show that the PETA tool has a wide application range, a very high rate o